I'm using google vision API in one of my PHP script.
Script works well when I'm executing it through the terminal:
php /var/www/html/my_script.php
But when I want to execute it from my browser I'm getting an error 500:
PHP Fatal error: Uncaught
Google\Cloud\Core\Exception\ServiceException: {\n "error": {\n
"code": 401,\n "message": "Request had invalid authentication
credentials. Expected OAuth 2 access token, login cookie or other
valid authentication credential. See
https://developers.google.com/identity/sign-in/web/devconsole-project.",\n
"status": "UNAUTHENTICATED"\n }\n}\n
I don't get why the error message suggests me to use OAuth 2, I don't need my user to log to his google account.
My code is the following:
namespace Google\Cloud\Vision\VisionClient;
require('vendor/autoload.php');
use Google\Cloud\Vision\VisionClient;
$projectId = 'my_project_id';
$path = 'https://tedconfblog.files.wordpress.com/2012/08/back-to-school.jpg';
$vision = new VisionClient([
'projectId' => $projectId,
]);
$image = $vision->image(file_get_contents($path), ['WEB_DETECTION']);
$annotation = $vision->annotate($image);
$web = $annotation->web();
Generally speaking, you will need to provide a service account keyfile when constructing a Google Cloud client. The exception to this is if you're running on Compute Engine, or if you have Application Default Credentials setup. Since you're seeing authentication errors, neither of those appear to be the case.
To obtain a service account and keyfile, check out the documentation.
Once you have created a service account and downloaded the json keyfile, you can provide it to the client library constructor:
<?php
use Google\Cloud\Vision\VisionClient;
$vision = new VisionClient([
'projectId' => $projectId,
'keyFilePath' => '/path/to/keyfile.json'
]);
Once you provide a valid keyfile, you should be able to make authenticated requests to the Vision API.
To avoid this step, you can setup Application Default Credentials on your server or computer.
Related
I have a react application and i'm trying to use aws dynamodb, i installed the php sdk but i don't know how to query my db.
I copied the tutorial here and i changed the endpoint to: "https://dynamodb.us-west-2.amazonaws.com".
I get this error: {"__type":"com.amazon.coral.service#UnrecognizedClientException","message":"The security token included in the request is invalid."}. I guess i have to add a security token somewhere, i don't know where and neither where to find it.
Any suggestion?
Based on your error, i think you need to check your aws secret key and access key. You can try to install aws cli then create user access programmatically from aws console from this link
Then you can try your source code after that.
The following code example shows how to get an item from a DynamoDB table.
// '/path/to/aws-autoloader.php' to import AWS SDKs.
require 'vendor/autoload.php';
use Aws\DynamoDb\DynamoDbClient;
use Aws\Exception\AwsException;
use Aws\DynamoDb\Exception\DynamoDbException;
// Create an SDK class used to share configuration across clients.
$sdk = new Aws\Sdk([
'region' => 'us-west-2',
'version' => 'latest'
]);
// Use an Aws\Sdk class to create the dynamoDbClient object.
$dynamoDbClient = $sdk->createDynamoDb();
try {
$dynamoDbClient->getItem([
'Key' => [
'id' => [
'N' => 1,
],
],
'TableName' => 'products',
]);
} catch (DynamoDbException $e) {
// Catch a DynamoDb-specific exception.
echo $e->getMessage();
} catch (AwsException $e) {
// This catches the more generic AwsException. You can grab information
// from the exception using methods of the exception object.
echo $e->getAwsRequestId() . "\n";
echo $e->getAwsErrorType() . "\n";
echo $e->getAwsErrorCode() . "\n";
// This dumps any modeled response data, if supported by the service
// Specific members can be accessed directly (e.g. $e['MemberName'])
var_dump($e->toArray());
}
Notice that we did not explicitly provide credentials to the client. That’s because the SDK should detect the credentials from environment variables (via AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY), an AWS credentials INI file in your HOME directory, AWS Identity and Access Management (IAM) instance profile credentials, or credential providers.
If we don’t provide a credentials option, the SDK attempts to load credentials from your environment in the following order:
Load credentials from environment variables.
Load credentials from a credentials .ini file.
Load credentials from IAM role.
We can also directly create the service-specific client object like below:
$dynamoDbClient = new DynamoDbClient(
[
'region' => 'us-west-2',
'version' => 'latest',
]
But AWS highly recommended that you use the Sdk class to create clients if you’re using multiple client instances in your application. As per AWS docs:-
The Sdk class automatically uses the same HTTP client for each SDK
client, allowing SDK clients for different services to perform
nonblocking HTTP requests. If the SDK clients don’t use the same
HTTP client, then HTTP requests sent by the SDK client might block
promise orchestration between services.
You can refer to the AWS document pages:-
AWS SDK PHP - BASIC USAGE
AWS SDK PHP - DynamoDB Examples
AWS SDK PHP - Configuration guide
AWS SDK PHP - APIs
I hope this helps.
I am following this example to get server-to-server access working between my PHP application and Google Cloud API's,
https://developers.google.com/api-client-library/php/auth/service-accounts. In particular, I need to access the Drive API.
When I run the application though I get the following error:
Google_Service_Exception : {
"error": "unauthorized_client",
"error_description": "Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested."
}
Here's what I have done:
Created a GCP project
Added a service account to the project, with domain wide delegation, and a set of keys
Enabled the Google Drive API in the project
In my G Suite account, under 'Manage API client access', I have added the Client ID of my service account, with the permission of https://www.googleapis.com/auth/drive
Have I missed a step?
Here's my code:
putenv('GOOGLE_APPLICATION_CREDENTIALS=my_storage/secure/my-app-service-account.json');
$client = new \Google_Client();
$client->setScopes(\Google_Service_Drive::DRIVE_METADATA_READONLY);
$client->useApplicationDefaultCredentials();
$client->setSubject('my_email#my_domain.com');
$drive = new \Google_Service_Drive($client);
echo $drive->about->get();
The example does not include the setScopes() call, however I was getting a scope-related error without it. (The example is not based on the Drive API, so perhaps it's not required in that case?)
UPDATE: In the IAM settings for the GCP, I added the email address of the service account as a Project Owner, but that made no difference.
I found the problem.
In the setScopes() call above, the value passed needs to be the same as the value given when setting up the client in G Suite, in this case https://www.googleapis.com/auth/drive
I want to use Google Cloud Vision API for image recognition, Everything installed fine in my yii2 framework.
I'm getting authentication error like :
> Google\Cloud\Core\Exception\ServiceException
> {
> "error": {
> "code": 403,
> "message": "The request is missing a valid API key.",
> "status": "PERMISSION_DENIED"
> }
> }
> 1. in C:\xampp\htdocs\vofms\vendor\google\cloud-core\src\RequestWrapper.php
> at line 336
> 32732832933033133233333433533633733
How to point my key.json file to GOOGLE_APPLICATION_CREDENTIALS environment variable In yii2 framework.
Thanks
The point you are failing is the Authentication as you are looking at the Cloud Vision library whereas the Cloud Vision is a part of the Google Cloud PHP in which you have the Authentication Guide given which recommends the following.
Once you've obtained your credentials file, it may be used to create an authenticated client.
use Google\Cloud\Core\ServiceBuilder;
// Authenticate using a keyfile path
$cloud = new ServiceBuilder([
'keyFilePath' => 'path/to/keyfile.json'
]);
// Authenticate using keyfile data
$cloud = new ServiceBuilder([
'keyFile' => json_decode(file_get_contents('/path/to/keyfile.json'), true)
]);
If you do not wish to embed your authentication information in your application code, you may also make use of Application Default Credentials.
use Google\Cloud\Core\ServiceBuilder;
putenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/keyfile.json');
$cloud = new ServiceBuilder();
The GOOGLE_APPLICATION_CREDENTIALS environment variable may be set in your server configuration.
LINUX OR MACOS
export GOOGLE_APPLICATION_CREDENTIALS="[PATH]"
For example:
export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/[FILE_NAME].json"
I've been following this guide perfectly https://developers.google.com/api-client-library/php/auth/service-accounts in an attempt to get any little bit of information back from google, yet I keep getting a 403 Insufficient Permission.
I have created a service account, and it has given me a little json file with a private key, project ID, a client email and client ID, and lots of other nifty stuff that I cannot share here on stack overflow.
I then delegated domain wide authority to the service account to speciifc API scopes. https://www.googleapis.com/auth/analytics.readonly I did this through Google Apps domain's admin console.
I then prepared to make an authorized api call with this little bit of php.
<?php
require_once __DIR__ . '/vendor/autoload.php';
date_default_timezone_set('America/Los_Angeles');
$user_to_impersonate = 'my_real_email#companyname.com';
putenv('GOOGLE_APPLICATION_CREDENTIALS=/Users/alexfallenstedt/Desktop/Code/sticky-dash/service-account.json');
$client = new Google_Client();
$client->useApplicationDefaultCredentials();
$client->setScopes(['https://www.googleapis.com/auth/analytics.readonly']);
$client->setSubject($user_to_impersonate);
$sqladmin = new Google_Service_SQLAdmin($client);
$response = $sqladmin->instances->listInstances('examinable-example-123')->getItems();
echo json_encode($response) . '\n';
?>
I run this php file in console, and I keep getting this error.
Fatal error: Uncaught exception 'Google_Service_Exception' with message '{
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientPermissions",
"message": "Insufficient Permission"
}
],
"code": 403,
"message": "Insufficient Permission"
}
}
I am lost. My whole team is lost. We've gone through this multiple times. How can we set up server to server communication to fetch our google analytics reporting api data?
I ended up forgetting the beta version, and instead referred to v3 of two-legged OAuth. https://developers.google.com/analytics/devguides/reporting/core/v3/quickstart/service-php
I am currently struggling to get access to the google api when impersonating a user.
I can connect as that user however I am getting an error where I am presented with an error:
"error": {
"errors": [
{
"domain": "global",
"reason": "appNotAuthorizedToFile",
"message": "The user has not granted the app <app id> write access to the file <file id>",
"locationType": "header",
"location": "Authorization"
}
],
}
The recommended resolution is to use google Picker and get the user to allow my app to access this file. However as I am using a service account with domain wide delegation and g-suite enabled I thought this wasn't necessary.
my current php code is:
$client = new Google_Client();
$client->setApplicationName($appName);
$client->setAuthConfig($credentials);
$client->addScope($scopes);
$client->setClientId($key);
$client->useApplicationDefaultCredentials();
$client->setSubject($userTobe);
$client->setAccessType('offline');
I am using putenv to push my service_account.json into my file. I followed the quick start as it suggested. I have enabled all the required scopes in the security console. If I specify getRefreshTokenwithAssertion() i can get an access_token starting with ya29. however this still presents the error above.
I am currently at a loss on where to go from here. Any help would be greatly appreciated.
Which scopes are you using? Please ensure you are setting the drive auth scope in your application: https://www.googleapis.com/auth/drive (Google_service_Drive::DRIVE)
Has the client and scopes been authorized in the admin console?
admin console => security => Advanced settings => manage API client access